create a vnet jail in rc.conf

[Julian Elischer]

Reinhard Haller wrote:
> Julian Elischer schrieb:
>> Julian Elischer wrote:
>>> Reinhard Haller wrote:
>>>> I tried it with the following, but suffered intermittent routing
>>>> problems (route6d died and cannot be restarted):
>>>>
>>>>    jail -c vnet name=d1 host.hostname=dns1.intern.de path=/jails/dns1
>>>> persist
>>>>    jail -c vnet name=d2 host.hostname=dns2.intern.de path=/jails/dns2
>>>> persist
>>>>    ifconfig bridge0 create
>>>>    ifconfig epair create
>>>>    ifconfig epair create
>>>>    ifconfig bridge0 addm epair0a addm epair1a up
>>>>    ifconfig epair0a inet6 fd08:e8a3:4825:10::1
>>>>    ifconfig epair0b vnet 1
>>>>    ifconfig epair1b vnet 2
>>>>    jexec 1 csh
>>>>    ifconfig epair0b inet6 fd08:e8a3:4825:10::10
>>>>    route -n add -inet6 default fd08:e8a3:4825:10::1
>>>>    exit
>>>>    jexec 2 csh
>>>>    ifconfig epair1b inet6 fd08:e8a3:4825:10::11
>>>>    route -n add -inet6 default fd08:e8a3:4825:10::1
>>>>    exit
>>>>
>>>> Is this the way to get a stable vnet system?
>>> using epair and bridge is probably suboptimal.
>>>
>>> try using:
>>> 1: three epair sets to make a mesh (usable with smal nunbers fo jails)
> 
> Do you mean 2 ip-addresses per jail and another 2 for the host?
> 
>>> 2: using netgraph to make a bridge..
> 
> bridge + epair are cloneable interfaces, they are created before pf
> starts. The netgraph stuff is problematic when using interfaces in pf.conf.

though in 8.1 and 9 each jail has its own pf.

> 
> 
> _______________________________________________
> freebsd-virtualization at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
> To unsubscribe, send any mail to "freebsd-virtualization-unsubscribe at freebsd.org"